As time goes on I find myself, both in my professional and my personal life, adding more and more usernames and passwords I need to remember. I have over a 100 accounts I need to keep track of and access typically access at a whim.

Since it's insecure to both use the same password over and over or to modify a single password per service (e.g. appending "fb" or "tw" etc to a password when using a different service) I have found that a password manager is literally the only thing working for me.

However, as break-ins become more and more frequent, I am concerned that my single point of failure, my password manager, could become compromised. I mean it seems almost inevitable, right? An attacker wouldn't even need to compromise the service or app you're using but your phone instead to gather the same data.

So I'm curious to those of you who use something other than a typically password manager: what do you use and has it been successful or a pain?

I am shocked to see a tech literate audience recommending a single algorithm based password. This is pretty basic stuff. Minimize attack surface!

With a password manager, your attack surface is your email, and the password to the manager. You can focus your efforts on securing those two things with 2fa, a hardware device, etc. Every other password can be extremely difficult, and only grant access to an individual service.

Compare it to an algorithm, where your attack surface is "every service." If one password is compromised, they all are. Then you have to change them all manually, and remember what's been changed, when.

In an age of great open source options like bitwarden, Keepass, and unix pass, there's no excuse for using an algorithm anymore.

The point of an algorithm as opposed to a single shared password is that this isn't true. With a basic algorithm, you can avoid automated attacks based on password dumps. With a more complex algorithm, even a determined attacker targeting you would have a really hard time figuring it out. Regardless, it probably would need to be a few passwords, not just one. Also, any good web service will implement rate limiting and other protective measures, so brute force attacks are unlikely to work.

The counterargument to "minimize attack surface" is "avoid single points of failure", and that includes both attacks and accidentally losing access to all of your passwords. What if I drop my phone and/or laptop in a lake? What if I forget my master password somehow? What if someone installs a keylogger and gets my master password? What if I accidentally install a malware version of the password manager client that steals my password?

Not that I necessarily think that an algorithm is better overall than a password manager, but I think it's not as obvious a decision as you're claiming.

Threat model analysis is a complex topic and not everyone has the same threat model to take into account, so there are plenty of aphorisms on every side and the best advice will almost always be "your mileage may vary" and "take with a grain of salt".

I see an algorithm as a single point of failure of its own, in the case where a determined bad actor has direct access to your algorithm. At that point you've traded potentially complex passwords for intentionally weak and guessable passwords. Yes, rate limits and other protections may mitigate the threat, but once an attacker has access to your algorithm, they quite possibly have a much easier password cracking game to play.

From that perspective, and from the other direction, most algorithms that I've seen make me a single point of failure. I still have to remember a set of weak passwords for every site I use. The algorithm may work to step up the overall complexity and entropy of the weak passwords I use, but I still have to rely on somewhat faulty memory for a series of passwords. Even if that information is easily accessible there's still a lot of variables and forgetfulness that can take place and sometimes it would be me trying to password crack my own passwords (Did I use "facebook" or "fb" or maybe it was "facebook.com"? Was this was password rotation number 12 or 13 or second quarter 2015?). Add in the encoding difficulties to make sure that you can generate a password within the arbitrary complexity requirements of sites themselves (I need a weak password that generates a strong password with no SQL keyword symbols, but at least one capital letter, one emoji, and at least one platitude to an elder god), and you really are just trading one set of complex passwords for an equally arbitrary set of weak passwords (to get the right output I had to use "facebook@2015", transpose odd characters into the Unicode astral plane by divination, and truncate the output to the first 12 code points).

A benefit to a password manager is that my own faulty memory isn't itself a part of the threat model. I don't have to maintain a list of weak passwords and/or additional "clean up steps" to feed to an algorithm.

On the flipside, I don't know anything about my Facebook password inside my password database. I just copy and paste it when it is needed. There are threat models where that is a benefit. If I'm asked, on the spot, in a location without access to devices which I trust to produce my Facebook password, I cannot, because I honestly do not know it. A judge or over zealous customs agent can't make me remember what I don't know. How likely of a threat that is, I don't know, but it's a threat model that an algorithm can't pass if a judge considers your weak password and knowledge of your algorithm as a password that you know and must divulge. That's of course entirely speculation, there's no US precedent on that yet, but on the flipside there are US precedents protecting "I don't have the right device on me", and most bets are off when your threat model includes a government actor specifically threatening you. But it's still a fringe benefit to certain threat models, ymmv.

Not to make a long comment unnecessarily longer, but there are mitigations available based on your threat model to keep a password manager from being a single point of failure:

* Use multiple databases with different master passwords for different threat models/risk level assessments/use cases.

* Explore options for synchronization systems based on your threat models. For instance, I might have a low risk database synchronized with OneDrive/GDrive/Dropbox, but keep riskier databases in various combinations of Keybase file shares, or Resilio Sync encrypted shares, or a lone self-destructible USB thumb drive primarily kept in a safety deposit box. Similarly many file sharing systems allow you the means to explicitly manage which devices have which files/shares, and you can use that to your advantage as well.

(I've stuck with KeePass over the years because it offers a lot of flexibility in how I maintain and sync my constellation of password databases.)

It doesn't make sense to talk of an attack surface without talking about the kind of attack.

Unless you are a high value target, there is a pretty good chance no one is sitting specifically bruteforcing your passwords.

Your biggest source of attack is then a password dump, where you are one of the many millions compromised and now your other accounts (if you reused the same password) are now vulnerable to automated attacks. Even in this case, no one is going to sit around trying to figure out your password algorithm.

Even when it comes to compromised accounts, not all of them are equal. For most people, their primary email, banking and social media accounts are paramount, because they are fundamentally linked to their identity (I would be horrified if my FB or GMail were to be compromised, but only mildly miffed if my etsy account where I have made one purchase were to be compromised).

All in all, it seems that the most important thing to do is to never reuse a password for ANY of your primary accounts (email, finance, social media, other forms of identity). Ideally for those, don't use an algorithm either. And set up 2FA for these.

And for other accounts, preferably never reuse passwords. Whether you use a password manager to manage them or an algorithm should not make too much of a material difference.

I think you're assuming that the algorithm must be reversible, but I don't see why. For example, hash(site|strong_master_password) isn't reversible under reasonable assumptions.

If the algorithm is not reversible, "one password is compromised, they all are" isn't true. Only if the master password is compromised, then all your passwords are (but this is exactly the same with any password manager.)

The one thing that personally I don't like about vaults is availability of my passwords. You need your password manager (i.e. the app) to get your passwords. I've had multiple situations, typically when traveling, where I didn't have access to my devices, and thus I didn't have the app.

In your scenario, what happens if you need to change strong_master_password? I’m assuming you now need to change every password on every single site or else remember your new strong password and your old.

Absolutely! I've been using Keepass soccer 2011 and I would highly recommend it to anyone. It's available for Windows, Android (Keepass2Android), Ubuntu Linux (Keepass2) and I have the encrypted database synchronised via Google. Seamless setup and operation. A must have in this modern age.

I use Linux, Windows, and Android. I decided on Pass [1] and it's been working really well for me. I have a dedicated PGP key that encrypts all my passwords, and they're stored on my own git server.

On Linux I use the pass command, on Windows I use QtPass [2], and on Android I use Password Store [3] and OpenKeychain [4] (for the PGP key).

My "master password" is the password for the PGP key, and I type it each time I want a password. Git keeps everything in sync. If one of my devices is compromised, you still need the password for the PGP key. If my git server is compromised, you'd need the PGP key (which isn't on the server).

It allows every password to be different but you only memorize two things. It is meant to be a "good enough" solution that is much better than using the same password for everything, but naturally is worse than using significantly different passwords.

I've used this for a few years to great success. The one issue I have is I sometimes have to try multiple times when one account is many types of services.

Doesn't this compromise all of your passwords if one of your passwords is discovered? Sure, it would take a bit of thinking to realize what each part refers to and even realize that your password has some sort of generation algorithm, but it would be a bit more secure to hash that password in some way.

That's why I like using LessPass (even though people talk a bit of shit about it whenever it's mentioned on HackerNews). I have a single master password, the rest of my passwords aren't compromised if I accidentally expose one of them, and I can log in to any site from any device with a browser. Of course, use 2FA when you can, but it's nice to have a secure first layer of defense.

It’s very unlikely anyone will take the time to figure out your pattern unless you’re a high value target. If your password just gets exposed as part of a credential dump among 100 million others then the thieves will automate their attempts to try your password other places and it will fail.

You can always enhance the algorithm. For example, use multiple base password, and arrange them based on the servicename. So hunter2 for everything that starts with h or a-c or a-k or with 5 characters. It's your choice how complicated it becomes. Additionally you can mutate the servicepart. Like break it up every n characters, or every syllable and add some service-specific value in. Maybe use the lenght of the servicename multiplied with the number of syllables plus 4. You could also use a random characterstring, lets say the ones from numberrow, and calculate entrys whith those numbers. Like, move by n syllables for every char you add. It's not really hard to make a rather complicate algirithm with the tools you have around you. It's just cumbersome to remember and execute it in case you need it. So unless you really fear to be personal targeted, it's not worth the pain.

Yes, but that master password should a) be incredibly secure (mine is longer than 32 characters) b) only be used for your password manager and nothing else. If, instead, you reuse a password in several places, you're only as secure as the weakest link in that chain.

I do basically the same thing, and have for years also. My only frustration with this is that with some sites, due to arcane password restrictions, the algorithm either isn't implementable, or is only implementable in such a way I won't remember. So 90% of the time the strategy works great, and in 10% of the time it fails due to idiosyncracies of the sites involved.

I hate the stupid restrictions sites place on passwords. There should be almost no restrictions.

The Algorithm is a great solution - breaking the pattern would require password leaks from 3-4 different sites, and a human to spend time puzzling over it. For automated bots the passwords look unique.

What's your solution for annoying sites that require changing your password every 3-12 months, and not reusing previous passwords? If eHunterG8 becomes eHunterG9 and then eHunterG10, how do you remember the number you are up to?

> What's your solution for annoying sites that require changing your password every 3-12 months, and not reusing previous passwords? If eHunterG8 becomes eHunterG9 and then eHunterG10, how do you remember the number you are up to?

Good question. I just start with 2 (yes, that's weird) and then increment every time or choose the symbol so I eventually exhaust. This is the same question for unique password per different types/groups of websites. The good thing is more websites have abandoned the annoying security question/answer when it comes to forgot password/forgot username. Just straight to SMS/email. For example I cannot remember my cable provider's online account password. The policy is just ridiculous, so I use "forgot password" every single time. Email only, quick and simple.

Please for everyone reading this - please abandon security questions as a requirement and stop being so hard on password requirement such as limiting the length (Twilio I am looking at you, yes). Just ask for a long password and give hints to users how to choose a good password. While the argument for complex password is to increase the search entropy, let's spend more time on securing your server and mitigating common attacks. Users will probably just append a number. So "myAwesomePassword$" is easy to try once "myAwesomePassword" is compromised from another service. Educate your users.

Let user be responsible; I have my "secure" complex rules for password, let me be in control, I don't want to bend to meet your requirement.

Another alternative is always ask for a one-time password (but a lot of users will find that very inconvenience). Choose one.

Ehh. Any password cracker worth their salt would be able to use rules to break hashes created by "The Algorithm", especially easier once the base word has been figured out or supplied by a single plain-text leak.

Yes, the algorithm is breakable with a few examples to figure out the base word and the pattern. But this requires human attention at your personal algorithm.

Unless you are enough of a celebrity or public figure to be personally targeted, nobody will bother. A password leak is going to have 100 million accounts in it, at least 50% of these reused without modification at other websites. Any automated bots and spammers will just try the exact passwords on other sites. If it doesn't work, they move on to the next account and password, instead of trying to guess modifications of non-working passwords.

My algorithm gives me flexibility to increment the password. I've had to do this before and almost all the time, I use it enough that I simply remember, "oh this banking site is incremented twice".

I have no opinion on password managers. It's just something I don't want to commit time to. My solution is easy and requires no management on my part. Ie. no software or hardware or anything to maintain.

I'm a fan of mixing this idea with something like 1Password. Obviously depending on the application, the security increases or decreases. My approach is to memorize multiple base passwords though & then mix it with some random gibberish. So I might write my password down like this:

KXl2h!H (H)

That would tell me that the password is KX12h! plus whatever the base password for H is. My hope is that unless someone was really targeting me, I would be skipped over as not worth the effort.

This way, even if someone broke into 1Password or one of my other password managers, they still wouldn't have the password.

The part I struggle with most, is how/where to store these & Authy/Google Authenticator tokens in a manner that they can be delivered to specific people in the case of my death without decreasing security.

>The part I struggle with most, is how/where to store these & Authy/Google Authenticator tokens in a manner that they can be delivered to specific people in the case of my death without decreasing security.

I recommend reading about Shamir Secret Sharing. You could have a system setup such that (for example) you give 16 friends each a code and 9 of your 16 trusted friends all have to work together in order to get the original secret.

I'm a bit surprised at all of the people suggesting "remember one password, and mutate it with an algorithm based on the website name". That means that if you have to invalidate one password for any reason, you have to change all of them. On every service that you use. Do people really do this?

You need to somehow have access to the backup of your database (in my case KeePass) in case you lose it. If you put the password of the access itself in the manager you are in a deadlock. It is much easier to end up in a deadlock situation like this than one might think. So carefully play through restoring your backups in the worst case scenario.

In my case, I am using Google Drive as my Backup Storage. If I were to put my Gmail Password in the manager I'd be locked out in the worst case and would not have access to my backup.

You most likely already have another single point of failure: the email account that you use for "forgot your password" resets. So, I make that the only point of failure by choosing long, secure passwords and not really trying to remember them, resetting the password every time I need to log in to a rarely used account

* descriptive, long passphrases, that I usually have no trouble remembering. e.g. Facebook could be "I talk to my friends".

* salt to make stupid password rules happy and to make it somewhat safe to write down passwords. e.g. "mysecretsalt42$". This gets appended to all passwords and doesn't get written down anywhere.

* encrypted text file, used rarely when I forget a password. e.g. `vim -x socialmedia.txt`. I find this a bit better than Keepass or pass because it's not one obvious attack target (both the file and app).

We really need passchange.js: an open source collection of headless JS scripts that can programmatically change your password on a given website. Then you would continuously rotate _all_ your managed passwords as well as your master.

Not a panacea, but significantly minimizes the length of a theoretical breach.

Thanks. Yeah; that's the idea for bootstrapping. At some point, I'd love it if sites themselves published APIs or at least manifests (similar to /robots.txt or favicon or a URL in a HTTP header, etc.) of how to programmatically change passwords.

A real problem I ran into is that a full browser is required for many operations, now. Instagram.com, for example, is completely opaque to non-DOM+JS browsers. Right down to the shamefully empty `<noscript>` block.

Please don't get me wrong, it would be great to have a service to centralize all your passwords including rotation, but this already exists. It's Google/Facebook if you choose to use oauth to sign in into other sites.

If this kind of api/js would exist and work, an attacker could exploit it to automatically change user's password.

Note that changing password is often used also as a simple mechanism to log out all the sessions (simple = easy to understand for the end user).

In summary, I really hope all website would do all they can do to protect their change password endpoints from automatic tools.

For me, passwords need to exist and need to be remembered, because if this is not the case, then many other security assumptions fail. With this I don't want to say that the current state of affairs is good, I definitely think that we need to invest in more mechanisms to help users remember their passwords, or reuse them in secure ways.

I used a small script to generate my passwords :
I choose a simple password, I append the domain and I hash the string. I take the first 15 characters of the hash as a password. I find it quite convenient and easy to remember !

(Data: I have 72 logins currently cached in Firefox. Every single one of those sites accepts 10-character mixed case alphanumeric passwords with no extra special character requirements. About once a year I come across a site that needs one.)

That's what I ended up for MemPa (described above). The idea is that I can't read binary sha256 output, and everything I know that can translate in hex can also translate in base64 leading to shorter secrets.

For the special chars, I chose the Safari way of encoding, i.e. I only extract alpha-numberics from base64, and add a "-" every 3 chars. This also improves readability. I assume that if Apple chose this way of doing, either they studied it and/or sites will conform to that.

I also use pass and sync it with my android phone using OpenKeychain to manage GPG keys and PasswordStore as the actual password browser. Copy/pasting randomised passwords on both desktop and mobile is easy once these are set up.

If I’m understanding your suggestion correctly, it contains an attack vector where Provider B can obtain your password for Provider A by getting you to sign up for a new account and presenting the same “cipher” as Provider A.

"Just use a password manager" is actually a simplification for doing proper threat modelling because most people don't bother thinking about it.

For each site you have to consider; what is the worst thing that could happen if somebody gain access to that account? Do you have a meaningful online presence on the website? Did you enter private information that you don't want to go out? Did you provide your credit card to the site? It would actually be useful if sites where classified by the type of information and access that they require.

Another short answer would be: memorize your computer, email and password-manager passwords. Use the password manager for day-to-day sites. Add a second factor for juicy targets like net banking. For all the other sites, generate a random string and throw it away. Use password reset the next time you want to log into it.

I need to remember just 1 good password (that I don't use anywhere else). I use it to encrpyt different passwords for different uses (gmail, banking, etc). I put the url with encrypted password in my bookmarks and a google doc (to share with my wife).

To hack me, the attacker would need get both the link (from my laptop's bookmarks) or from the google doc ... and then would need to guess the password to decrypt it.

I know it doesn't answer the question, but it does hit at the heart of the issue. I use Enpass - the only password manager I could find that doesn't store your info for you--because I was also concerned about breakins and single points of failure. I am able to keep my entire password collection on my local hard drive and in whatever online storage tools I'm using currently (onedrive, google drive, etc). This seems to fit well while removing the issue with online password managers.

I switched to this after being a long time lastpass user, I'm regretting it. It's visually a lot better but it is terrible at generating passwords and saving them. On both windows and mac with chrome I click the 1pass icon and click generate (nothing happens). If something happens it shows up as a new entry if I go into the vault with no site or anything just a random string that I then maybe copy paste? (ugh). There also is nothing that pops up that lets me alter the specifications for the randomly generated password. Lastpass did an amazing job of this, 1password just seems broken all over the place.

When I did the export/import it ruined tons of passwords because if it had an ampersand symbol (&) it turned it into &amp; resulting in me editing tons of passwords manually. It sucks at saving passwords too, lastpass just worked.

Plus no check on password integrity or strength or leaks. It was nice to do a scan and check on what passwords should be updated, what my duplicates are (if any), mass update, etc. So, basically I went from free but kinda ugly to pretty but broken and more $. This has been the worst trade deal in the history of trade deals, maybe ever.

YMMV but I wish I didn't switch and to move back would be another annoyance that I might do if I didn't just pay for the year.

Hm. I just checked on both of these comments, and it seems 1password manages both quite well.

re: password generation in-browser - this is working just fine for me. [0]

And re: pw integrity or strength - this might not be everything you're looking for, but it's close.

under a 'Security Audit' tab, it has categories for:

- Watchtower (logins associated w/sites that are known vulnurable/exploited)

- Weak Passwords

- Duplicates

- 3+ year old PWs

- 1-3 year old pws

- 6-12 month old pws.

I'm not trying to be a 1password apologist, but I find it to cover my day-to-day use _very_ well. To be sure, I still tweak things in the UI at times. It doesn't capture login URLs perfectly all the time. Etc. But it's pretty good.

Wow, this is not at all what my screen looks like. Maybe it's the extension itself that's lacking? [0]

I don't have any of these other options either. If I click on generate password the box just goes away. Maybe I should scrap the extension and just use the mac/windows application? I was reading a number of reports about not syncing between these. If I have both on maybe it'll cause issues?

1Password used to be better at this. Generating a password was pretty obvious, it was consistent across mobile/desktop, and the save workflow was better. It’s been several versions since that was the case (v. 3, maybe?). Now I have to hunt for the functionality and then it gets put someplace with no reference to what it is.

Plus no check on password integrity or strength or leaks. It was nice to do a scan and check on what passwords should be updated, what my duplicates are (if any), mass update, etc

I know the Mac version will give you all of this. Compromised sites, dupes, weak passwords, old passwords, there’s a filter for each, and I think you can make your own. It does not appear that you get this on mobile, though.

I've been happily using 1Password 4 for many years, my credentials are encrypted and synced via Dropbox. But I hear the latest versions require you to use their cloud service, the self-hosted version is no longer available. Is that true?

I use 1Password for not only credentials but as a document vault for everything from passports, birth certificates, anything else that falls under "needed after the house burns down". It's one of the most elegant pieces of software I've ever used.

1) passwords are a serious stuff, so you want serious people to to some serious work behind your PM (AKA, it can't be free);
2) passwords are a too fundamental tool of our digital existences to have a monthly-based subscription. The idea of being locked out of your services when you can't afford to pay the monthly fee is just horrible.

I totally understand why they need/want to change their pricing model, and support it even. I don't understand why they've bundled a change in the product along with it and that's what I take issue with.

I'd happily pay them $5/mo to continue using their product as I've been using it - with local vaults, not with their cloud product.

I won't take their product for free if it comes with a forced "upgrade" to the cloud service.

If you're worried about storing your passwords somewhere where they could be compromised, one alternative is to simply not store them:

1. Generate a long random password.

2. Use that password once, but don't make any effort to store or remember it.

3. When you need access to the service, use the Forgot Password flow. Return to Step 1.

This is admittedly inconvenient, especially on mobile, and it won't work well if you routinely use devices that cannot access your email. But...it is an alternative approach that removes the need for a password manager.

In my personal experience, this approach has worked well for services I use rarely, especially those with good Forgot Password flows or long remember-me session times.

See also: Passwordless[0] is a Node library that discusses a similar approach to authentication from the service's perspective.

I have a file on the local drive of my office computer and a sheet of paper near my home computer (used by me and my wife). When the sheet of paper is full of handwriting, I bring it to office to synchronize both list.. When my house has been robbed last year they have not found the sheet, but if they had, I could have changed all passwords very quickly. In case of fire, the backup is safe in a remote location. It is easy to carry, duplicate or destroy. The security at office is ensure by the IT service. This may be imperfect, but I think my list of password would not be the main target of an attack. At home, my wife is often present and would quickly notice if a burglar steal the list. When I go on holidays, I take the home list with me. I think it is quite successful.

> I think my list of password would not be the main target of an attack.

I used to have a little notebook with everything, tucked 'securely' out of the way. I mean, even in a robbery somebody isn't going to rifle through some junk on a shelf right? I came to think though, that in that situation of course a list of passwords is not the target but if the robber has a small amount of technical knowledge (getting more likely, these days) then the risk is that they recognize the value of something like a book of passwords and just take it along. All of a sudden, their technology aware friend has access to my bank account!

So, I use Keepass now with a long passphrase, and syncthing keeps copies of the database distributed across several devices in several locations for me and I have access from all the various operating systems that I use. I am thinking about giving the passphrase to a friend also, as I have known him for 30+ years but I do not work with him or live near him and see him only yearly or less.

Keepass-plus-syncthing is my weapon of choice also. Using your phone as one of the devices gets around the whole "bring your sheet of paper to work day".

It would be great if someone added this feature into Keepass so that you didn't have to use an additional tool. Each instance of a database would have its own key and set of linked databases. When you open the database it would sync with every one of its linked databases that is also open. This would (hopefully?) get around the problem of adding new passwords to different databases before syncing. I expect one issue might be that people tend to only log into one instance of their database at a time.

The actual attack to be worried about is that an adversary copies the sheet of paper without your knowledge. There's no need for an attacker to remove the physical list or to be a burglar. It could be someone you know.

If your PC is compromised it's pretty much game over, using a password manager does not really worsen the damage in that scenario At that level of compromise they can probably add a root cert, MITM your connections, and grab your passwords anyway.

If you're concerned, you could use separate files for different levels of security, which would give you the theoretical ability to compartmentalize the loss. But again, if you're compromised to that extent it's game over, there is nothing you can do that will allow you to operate securely on untrusted hardware/OS, you simply can't let that happen.

It's not like that's an unreasonable goal, the combination of Ublock Origin, Windows Defender, and common sense have kept my systems clean for 10 years now.

An idea for a side project I had for some time: Use Raspberry Pi Zero connected to the PC as a password manager . Explanation: RPi Zero supports OTG and can emulate USB keyboard (in other words, it can "type" your passwords for you).

Never got too deep into this idea, but it shouldn't be extremely hard to implement. Need to create some mechanism to allow the web browser to ask the RPi for a password for a certain site, and use GPIO to connect a LED Matrix display (16x2) plus some input method to allow the user to physically confirm the password request (possibly PIN entry or a simple yes/no button for simplified usage)

Funny, I am doing something like that now, but using an smartphone with a fingerprint reader, instead of a Pi and sending the password through Bluetooth (adding USB might be a good idea, though). My problem with the Pi is that it is another bulky device to carry or loose, even the Pi Zero.

My implementation still has lots of security breaches and I don't want to publish something so fragile. I still need to implement fingerprint and time-based authentication. Therefore it still is vulnerable to MITM attacks.

Since you're already using a phone for this, why not just use Keepass2Android USB Plugin [0] which emulates a keyboard and "types" the password. Requires Android, and probably a device with kernel modules for USB HID.

You won't have to worry about the security and integrity of your Bluetooth connection and the risk of an external sniffer -- but you'll have consider if you trust the computer you're plugging it in to.

I love and use KeePass on my PC, although not on Android. Will try it, thanks for the tip.

However, a problem I have with KeePass is that I can't get my wife to use it. It is too complicated for her. Even the idea of plugging the smartphone through USB is already a "no" for her. With Bluetooth she might not even need to take the phone out of her pocket.

Anyone thinking of trying to crack that, well good luck. I removed and twiddled a few characters from it, as if it wasn't hard enough already. Oh but here's how to decrypt if you really want to try:

echo "$data" | openssl enc -d -aes-256-cbc -a -salt -pass env:MY_PASS

That's not a script, it's just an excerpt. You'll have to guess the password. You should probably do something else with your time.

Since the text file is encrypted, I store it on Dropbox. Then I can access this from any computer where I log into Dropbox, provided I know my main password for decryption.

Later I can type 'get facebook pass' on the command line and the get script will retrieve the best matching entry, decrypt the value, and put it in my copy paste buffer ready to paste.

The biggest problem with this system is sometimes when two or more entries are a close match to whatever keywords I input, it may pick the wrong match. I need to improve it to show a list to pick from in those cases, or work on better ways to remember the right keywords for each item. Also my matching heuristics could be improved.

I use this in conjunction with a command line script for generating strong passwords. Most accounts have different passwords at this point and they are all strong. One problem with the script is I sometimes have to tweak the resulting password by hand to match whatever (generally dumb) rules are in place at a new site... when I say dumb, I mean for example, '!' not allowed, etc.

For sharing web passwords with my phone, I just allow Safari to remember them and then trust iCloud, for better or worse.

Overall this is not a pain, and pretty successful. But if someone got terminal access in my account on my computer, it would be game over... so I try not to allow that.

I do something similar: passwords created by a script, stored in an encrypted file that's only unwrapped when I'm fetching or storing something. It's important that the entire file is protected, requiring a password every single time. Like you, my biggest gripe is sites with special snowflake "make it hard to remember but keep it low entropy" password policies that preclude the original generated password. IMO we as a community need to start shunning such sites the same way we do for rogue SSL/TLS cert providers. As long as they exist, it's harder for even security-aware sites to move forward.

The problem is that there is no character-type pattern - most especially not your base16 suggestion - that will satisfy every site. Many sites require special characters. Others forbid them. It's literally impossible to satisfy both with a single non-parameterized generator, and as soon as you start adding parameters those effectively become hidden parts of the domain name. Worse, many sites don't even tell you what the requirements are on normal entry (only on change). If you can't remember what particular tweaks were necessary then it's back to the good old "forgot my password" dance - making your email password your effective password for all such sites. It's easy for app developers to be careless or "clever" about their password rules, but it's a pain for users and it's bad for security.

Have you even used the internet much? Some sites do require symbols. And some sites have ridiculous rules that your suggestion would also not help with. Also, restricting yourself to the 16 characters in hex encoding makes your passwords that much easier to guess.

The bits are not redundant. When you have a larger alphabet, you get more possibilities for the same length of password. Sure you could also have a password that consists only of 1 and 0, but then you would have an unreasonably long password. Just as you would also have for a hex password, to a lesser degree. To carry it to an extreme you could have your password consist of just one character repeated a secret number of times, and yeah, sure, in your little theory world the amount of entropy could still be the same, but practically speaking it's a stupid idea, just like using hex characters.

You really are confused about this stuff.

You also seem completely unaware that many sites have password rules that require special characters that don't exist in your scheme... lol!

Remember that your email is part of your password. When sites are compromised your email is never encrypted and when you use the same email across every site a hacker now has part one of your login. For those unlucky to use the same password across many sites, once the password is obtained it can now be used at other sites. If you have a unique email (login) to every site then using the same password becomes less of an issue as the hacker now only knows 1 part of the authentication values. Still best to use different passwords though.

I agree that browser-based password managers and password managers on Android are insecure. These platforms have huge attack surfaces.

I'm using ForgotIt? [1] because I'm its author. It doesn't have a browser interface and doesn't have a mobile version. I would make a version for iOS if I used an iPhone, but I have never planned to make an Android version, because Android devices are just too insecure. (They are theoretically secure but in practice most of them don't get enough security updates.)

That being said, ForgotIt? also has some weaknesses that are laid out in its documentation. It doesn't lock memory, so you should use encrypted swap or disable it, and its keystretching algorithm compromises a higher security margin for speed.

Depending on your threat scenario you can also keep some of your passwords written on paper in your wallet. You could also keep them in a physically secured place like a wall safe. If you're worried about targeted attacks, that's in fact the best choice for most people, since no current operating system, no PC, no tablet, and certainly no phone is currently safe from a targeted attack by a dedicated adversary.

I have a function which is easily computable by hand but uses information only known to myself, which converts the website into a pseudo-random password.

Obviously I can't tell you the actual function I use as this would reveal all my passwords, but for example, you could use ROT13 on odd numbered characters in the domain name and then add a fixed string to make up the password length.

I still use the browser password store with non-critical websites for speed, but can still get into any site where I have an account from any machine by re-calculating the password in my head.

Of course, this isn't secure enough if you're someone who might be individually targeted by hackers (eg: if you work at a large company or in government) - if they obtained a few of your passwords, they could reverse engineer your password function and get into the rest of your accounts. You can mitigate this by separating the sites you use into different 'security clearance' levels (eg: those with access to your money, those with access to your personal info, etc) and having different password functions for each level.

I am at the moment also trying out password managers and searching for the best one. Lastpass so far has the best features, great password generation. But on Android it lacks a good and decent integration in finding and selecting the correct password for an app. Seriously bad.
1Password is better in this regard, but you can not swipe the 1password "click here to fill out with 1password" away. So also definetly a dealbreaker. But 1password is great at only showing the correct password for your app, after selecting it once.

Regarding the user interface don't get me started on keepass. It was recently forked into keepassxc but the chromeipass/ foxipass integration does not work all the time. Also love it if a website just shows your username already and you have to fill out the password and can't use hotkeys. (I am looking at you google) Lastpass can do it successfully, but keepass...

The Android interface was last tested a few years ago by me and it only had a notification area you had to always show. I don't know if it is much better at the moment.

Regarding your password security: Lastpass itself encrypts your passwords and hashes them thousand times. You can also manually adjust the hashrate to even more. So even if lastpass would get cracked. You would have to try out every possible hashing number with every possible password combination. So thats a plus.
Well compromising your pc and installing root would be your least concern. It would be easier to steal your phone, get your fingerprint and unlock your database this way.

You can never be 100% secure. But have to choose your best way of doing it.

Also i am open to suggestion regarding a great password manager for android. Will have to try out keepass and dashlane again.

I would suggest Bitward[0]. I used Lastpass (premium) for 3 years but when I switched from Chrome to Firefox Nightly a few months ago I learnt that Lastpass didn't have a web-extension for Firefox (it was the old extension which wasn't compatible anymore). I waited a few months hoping they would release it quickly since there's very little difference between a Chrome and Firefox extension but nope. So I canceled my plan, exported my data to Bitwarden and went with it instead. I haven't been disappointed.

> a website just shows your username already and you have to fill out the password and can't use hotkeys. (I am looking at you google)

I don't know about mobile (especially Android), but at least on Google's authentication page, even though it only visually presents the username field, the password field is already there and is filled out by 1Password.

Bluink Key is impractical for attackers to target because they need physical access to your phone, they need to know your phone's PIN, and they need to know your master password to Bluink Key. This is very difficult to pull off assuming you usually have your phone with you and have a decent PIN/master password.

Bluink Key is also relatively unprofitable for attackers to target because a successful attack would only yield passwords from one individual, whereas a successful attack on a traditional, cloud-based password manager would yield passwords from millions of users.

Don't store your passwords anywhere, have them be determined by generating a unique password based on the service name and a master password with an added salt, this is similar to other proposed algorithm methods except more secure because your unique salt is used in addition to your master password, so even if someone guessed/learned your master password (e.g. social engineering) they would not be able to generate the same result passwords for services without your unique salt that's only located on your device(s) which should (hopefully) be physically secure.

This way you only need to remember one password (master) to re-generate your password for any given service, and nobody can replicate the resulting service passwords without knowing BOTH your master password and your salt.

I wrote a proof of concept a few years ago, it's pretty outdated and generating word phrases would be better than just hashes, but it conveys the idea:
https://github.com/wyqydsyq/ysnp

As someone else did (deep in a comment thread), I'd recommend MemPa, an algorithmic password generator that uses one master password plus the site and your username to generate (or recover) your password.

Using MemPa (which is basically one line of JavaScript), your passwords are always hard to crack, retrievable with one password and yet never stored anywhere so there's no tempting honeypot for hackers to target.

I thought this was a great idea to the point where I put together a Chrome extension to try it out a few years ago.

In theory it's solid but in practice, websites with arbitrary (and foolish) password requirements means your generated pass is likely to not be accepted. You can add fields for tuning the presence of non-alpha and capitalised characters but then that needs syncing and at that point - the benefits aren't really there.

I think I share your same concerns: I don't want to rely on any single application for my entire security (and some passwords are my entire security).

I recently blogged about the algo I use [1], it's a simple deterministic base64(sha256(.)), which is easy to remember and apply everywhere.

The post was pretty successful compared to my usual views/comments, and with a group of friends (all former researcher in security) we started building a MemPa [2], which we just released for iOS/Android.

I use a script that generates passwords based on a master password and a "site tag" (originally used for web based logins, but the site tag can be any word really, eg "somepieceofsoftwareyouuse").

You can find a web version here:
https://milliways.cryptomilk.org/passhash.html
You can save the page locally (it's only a piece of javascript), or extract the functionality to build your own command line tool with nodejs from it, like I did.

(not my code, and I shamelessly grabbed the pieces from the js code for my own fork of it)

This way I have a new password for every use case but only need to remember one master password, which should be pretty hard to reverse engineer. I hope.

This might sound like I'm trolling (honestly not) or trying to seem superior (Again, really not), but I try to simply use long passwords and memorize them. I'm fighting back against what I perceive to be the erosion of memory by my increasing dependence on modern technology. We don't need to remember stuff anymore, we just use this algorithm or that password manager. In the past I've used keepass, and I keep that as a backup for rarely used things, but increasingly I just try to memorise long passwords or pass-phrases for the key services that I use every day. My credentials for google, paypal, amazon, github, dropbox, onedrive, online banking and more are all just memorized rather than stored.

I have a folder with encrypted text files containing a password for each service. It is available locally and backed up to the cloud (with another layer of encryption). The key is in my head, no backup.

A script lists all files through fzf[1] which lets me find and select the right one very quickly, then copy to clipboard (expires after a few s). In a laptop the whole process of switching to terminal and grabbing a password takes a couple seconds, slightly longer on an ipad due to app switching.

I have a plain-text file storing various important information, amongst it passwords, on an encrypted LUKS volume at a server running in my basement that I can access via SSH from anywhere in the world. The "password manager" for that is a simple bash wrapper around an awk one-liner that's called `secret` and placed in my $PATH.

Always going to be a security/convenience tradeoff to some extent. If you expect to be targeted by The Baddies (tm), you want to tradeoff convenience for security. Spend some time every day memorizing long random strings and hope you never get hacked using the Wrench method[0].

If you're not expecting to be specifically targeted, then "modify a single password per service" can be surprisingly secure. Don't just add "tw" "fb", but memorize a more complicated algorithm that's not obvious from inspecting two or three leaked passwords. e.g. Basic Caesar Cipher on the odd characters of the passwords using some part of the service name (fb, tw) as a key. Memorize a single algorithm that you can do mentally. Use something completely different for primary accounts (probably bank + main email that allows you to reset other accounts' passwords).

Some people will disagree and say "just use a secure password manager", but there is a valid argument that managers are not necessarily the best solution, depending on your use case.

"Depending on your usecase" - e.g. you use many devices, need your passwords on all of them, and don't trust any of the current password managers to do their job (which is valid due to the many breaches and vulns).

Is the reality that your home-grown solution is genuinely going to be more secure than one of those current password managers? I doubt it.

However, I agree that for some people existing password managers seem either too complicated (KeePass) or expensive (1Password). In that case, I recommend:

1. Generate a password randomly using a 'diceware' type methodology

2. Use a standard prefix in front of all your passwords.

3. Write the password without the prefix in a notebook that you carry everywhere.

It's still not as good as 1Password because the passwords are not encrypted. But it's better than using a predictable algorithm that you have to remember. And of course, it's better than the system this often replaces - using the same 8 character password everywhere.

But I still strongly recommend paying for 1Password. How much do you pay for a padlock for your bike, or a burglar alarm for your house?

I never claimed it was more secure than a password manager. Just 'surprisingly' secure. You get something easy to remember with a lot of entropy that's difficult even for someone targeting you to exploit and which mitigates against the more common attack of cracking passwords en-masse from a leak and retrying them.

Yes, it has its own attack vectors, but they don't include things like ads stealing your info from your password manager [0] and apps stealing your passwords from your clipboard [1], both of which are legitimate reasons why you might want an alternative to a password manager.

"home-grown solution" has very negative connotations in infosec and rightfully so. I don't like seeing it in these kind of contexts as it blurs an important distinction between "Don't write your own random number generator if you're creating an app like Signal" (don't do it) vs "Find a solution to deal something as shitty as passwords in a way that works for you" (do it).

Your recommended method might also suit some people better (e.g. people who already carry a notebook around everywhere and guard it carefully).

There are no silver bullets out there. Work out what your needs are and then find a reasonable solution. It might be a password manager. It might not be.

I am working towards a two-tiered system. First tier is kept on a physical PasswordCard and muscle memory, and cycled annually. This is for the sensitive passwords. Second tier is handled entirely with a password manager. The password manager generates, stores, and fills them in for me. These are not sensitive and cycled/recycled as needed. I still have this nebulous "third tier" of leftover passwords that haven't migrated on the new system, where I basically use variations of the same two semi-secure passwords. I hope to eventually get rid of this tier.

Please consider the prevalence of high resolution cameras when using paper or even a clear-text document for password storage. A page from your list could be exposed to a security camera, compromised IoT device, or the sneaky person behind you with a cell phone, and you would be unlikely to know it happened.

And if you use a password manager, please store your master password in a well-sealed envelope in a safe place for your loved ones to open in a worst-case scenario. All your passwords may be compromised if it's stolen, but at least you would know it happened and can change them.

I believe putting all your eggs in a single basket isn't typically regarded as the most safe approach.

Though typically your machine gets compromised and doesn't really matter if you type something from memory or copy paste it from a password manager, you are screwed. A proper way to restore your access that only you can do seems more safe. A password or login can be compromised, but as long as you have a way to regain (sole) access to your account, I think that is more valuable.

LastPass users: note that "lastpass-cli" [0], a utility for managing your LastPass database entries from a terminal, exists and is (for me, at least) very handy when doing anything outside of a web browser.

Create a few aliases in your shell and you have a very convenient, easy-to-use (for the HN crowd, anyways) tool.

Some people use plaintext files in a git repo in an encrypted disk image file with a long passphrase (Windows disk image (Bitlocker), macOS encrypted disk image (AES256), and Linux LUKS encrypted image (most modern symmetric ciphers)). "Small" images hold lots of passwords, and you can drop the images in private cloud locations and USB storage in a safe. This method lacks auto-locking after a timeout and easy mobile access.

I do have a basic algorithm in my head for when I don't have my password manager of choice, keepassxc (https://github.com/keepassxreboot/keepassxc) on hand, but I highly prefer to just keep seperate keepassxc databases and secure them by keeping them stored on fde removable media (microsdcards are easily hidden).

This is almost totally impossible for most people. Banks have notoriously terrible password and 2FA policies, so even in the unlikely event that they allow a long/strong password, you're stuck without 2FA (or with SMS 2FA).

My alternative is believing that not all websites you log into pose the same risk to you and accepting some risk. This means I divide websites that require login into two categories:

1. I don't care if somebody gains access to my account

2. I do care if somebody gains access to my account

I use the same password for all the websites on the first category. It should be at least 8 characters long, consists of a made up word with some numbers and characters. Example: 7%Frifells. I drop the special character on websites that don't allow them in passwords and then it's a matter of failing to log in once and trying without it.

I use a different "xkcd" password (https://www.xkcd.com/936) for every website on the second one. Those are essentially catchphrases which I end up associating with the website I use them for. They consist of several words with numbers and special characters (using the example in xkcd, mine would be correctHorse?1batterystaple!).

So, I have to memorise about 8 passwords, all which make sense to me. In addition I have a password reminder file which consists of the website URL and the first two/three characters of the password. I don't bother adding completely unimportant websites from the first category.

If my password from category 1 gets compromised then it's a bit of a hassle to change the password on all the websites on the files, but no harm done.
If a password from category 2 gets compromised then it doesn't affect the other websites.

---

I wish a lot of websites would realise they can be password-less. Pinterest is a good example. I have never posted anything, they don't have any personal or financial information from me and if and the only reason I registered was because I wanted to search something there once, and they made me register for that.
Same goes to Quora and many other websites. I think all those should allow registering without a password but limit the functionality of those accounts.

IMHO, this is a curious way of thinking. Why put in the work of trying to secure one account, but not others? Wouldn't it be easier to simply secure ALL and not have the mental gymnastics of "how much do I care about this?"

Each account an attacker can gain control of, is more information they can glean and potential leverage points to gaining access to the accounts you do care about.

I actually ctrl+f for xkcd[0] to see if someone jumped the gun on posting the cartoon.

Something like that for a base password and then for each website mutate it a bit. Other people in the thread described methods they use.

I also use lastpass(paid personal), keepass+chromepass(work). Where I normally save the base password(and added mutations) yearly to change the base; or save the mutated password as I use it more for convenience.

I do not save certain financial and banking related sites.

And recently actually had a bit of a panic attack as I forgot my master password for a hour or so. Realised I need a fail save if I forget it again. Something like telling a close friend or sticky note to the monitor.

There's also keychain https://github.com/levaidaniel/kc
Open it with a master password, copy passwords from it or save new entries. You can have the single file database in a shared service like Dropbox and use it from any computer.

Bluink key is a password manager, OTP generator and FiDO U2F key all in one. It is a smartphone app for iOS and Android that stores all your passwords on your phone, not in your browser, not in the cloud.
You can generate different, random passwords for everything and add 2FA to your most important logins.
Check it out! Bluink.ca

I'm using Trezor hardware wallet which also has password manager (https://trezor.io/passwords/). I'm storing important secrets there (e.g. master password to my regular password manager which is Avast Passwords).

Until about 6 months ago, I used a physical password manager: a small notebook that I kept with me. It posed a greater risk to a physical attack (theft or snooping), but I accepted that risk over using shared passwords across services.

I've started using LastPass as a replacement for this, and have been happy with it.

To mitigate the single-point-of-failure steganography (hidden containers) would help. That would offer compartmentization and deniability. One tool that implements this: https://github.com/bwesterb/pol

I have a folder in which each text file contains the username and password(s) for a particular domain/service. The hard drive is encrypted and its backups (on geographically spread external drives) are also encrypted.

I let Keychain (MacOS) remember the passwords, so I never really think about them.

I use a small truecrypt file containing text files with passwords generated randomly which is available online on some of my servers. Not perfectly secure nor the best ease of use but good enough for me and not using a third party.

Note: as TC has been discontinued, using VeraCrypt would be a good idea.

Some years ago my solution was a notebook in a physical safe. Not recommending this, but I already had the safe and I reasoned that for the assets I was protecting, it was unlikely that a thief or anyone who might gain physical access would be interested.

At this point I usually let iCloud Keychain generate, store, and sync passwords, but for some sites I still use a Javascript password generator [0] I originally wrote in 2003 or so [1] – I may be the inventor of in-browser hash-based password generation. It spawned a bunch of similar sites, and it's still useful, so in that sense it has been very successful – but it has all the frustrations described by others here: updating passwords is a pain, "special characters" have to be added, &c.

This seems to me like a very clean solution, is there a Chrome extension version of something like this? I'd love to tap on a password field, enter my secret key, and have it autofill based on the domain of the page.

If someone suspects such a solution is being used, they can attempt to crack the master password. Combined with the weakness of this not supporting forced password rotation or varying complexity requirements well, it's really not a good solution.

Why would anyone suspect that? You're talking about what 1 in several million users? All you have to be is above the threshold of "easy to hack". I'd like to be referred to such a thing if there is one already.

As I can't salt the hashes the attacker can precompute all the passwords he wants to try. If that takes 1 minute, it will take 1 minute for a database with 1 billion passwords and 1 minute for a database with 2 passwords.

> This wouldn't work, as the attacker should know both from the database.

You mentioned pregenerated lookup tables in a previous comment. Using email address as salt prevents that attack. Salts come with the database too.

> Anyway: If the user really wants, he can already add his email or name to one of the input fields. A salt is just another input to the hash function so this would be the same.

The proportion of people who would supply it as a salt is much greater than those who would otherwise prepend/append that data to the password.

> Meaning that a 12 character random mixed alphanumeric password would already take longer than the scrypt approach thanks to the way the exponential function works :)

Yes, but then the user has a more difficult password to memorize, so that argument is irrelevant. You should be thing about what actual humans actually do, rather than assume your users are technically sophisticated and willing to put in the effort to do the right thing.

> That's why I don't like to advertise with an "uncrackable hash function". In the end this might lead users to choose a shorter password, which is way worse!

Don't advertise it as such, but do it anyway, and explain the details in an FAQ.

> Keep in mind that if a breach happens, the database is also hashed. And salted! So the attacker would need to crack that first anyway.

The space bar code and "secret word" portion together are the same across all sites. If your password is compromised on two or three services, the attacker has this constant portion, and the remainder of your password is a simple substitution cipher encoding the service's name.

I used to open a text editor and mash on the keyboard until I had an 8-12char password. I'd then type that sequence out again 10-20 times until it was burned into my memory. Then I close the editor without saving it :) Let your subconscious "muscle-memory" remember the password for you! Bonus point: if someone tries to coerce you into revealing your password, you honestly won't know what it is without typing it out. This doesn't seem to scale beyond doing it a few times as they get hard to remember, but it can make for a few secure email/banking passwords.

Why would you use an encrypted file when you have free, open source password managers like Keepass?
Every time you login somewhere, you open the file, search for the site, copy the password and paste it in the browser?
What do you do when you need a password on your phone?
What do you do to clean your memory after the paste operation to reduce the likelyhood of memory trojans reading it?

How much do you get paid / hour?
Cause that takes times. 5 minutes here, 5 minutes there and I guarantee you that if you do the math, you're wasting a lot of time doing stuff that password managers (online/offline/closed or open sourced) can do automatically.

I used pen and paper for a decade now. I have a folder and preprinted forms where I note passwords with pens. The folder had like 20 sheets. This worked pretty well and is without doubt the most secure variant -- I always have my folder with me. Note that this only stores the important passwords. I use weak and dumb passwords for non-important services (similar to disposable email boxes).

Anyway I want to change to a paperless variant due to the increasing amount of "important" services.

I have a friend who does the same, but a folder with password is not encrypted. If it's stolen, or you just leave it somewhere by mistake, or if you leave it on a table while you piss, byebye security... A hacker only needs your old yahoo password to hack everything else.
Please use at least Keepass, it has a master password, it is encrypted all the time if you want, it can have browser integration, it can upload the encrypted DB to the cloud..

That's true. However, in general I trust my environment so much more than "the whole Internet" which potentially can gain access to my systems. In fact, I don't think encrypting password managers (even in their simplicity such as https://www.passwordstore.org/) prevent typical use cases: If your home account is compromised, it is easy manipulate the workflow and subsequently decrypt your virtual password storage.

Spreadsheet that's encrypted inside an encrypted drive (veracrypt). If I can't remember the password I used, I just open everything up then copy/paste. Use 2FA where possible and have never answered a "security question" without some ridiculous bullshit answer (that is also stored in the spreadsheet in case I have to look it up).

The only issue is when I try to do shit on my phone, but that's never been critical as I'm in front of computers 12-16 hours a day.